Proxy-dns as service on macOS


I’ve successfully got Cloudflared running the proxy DNS service interactively on macOS. Although it would be good for it to have its own embedded entries for (rather than rely on /etc/host entries I had to add). Even better if the DoH service could run on :wink:

I have not been able to get it to run as a service, however. Cloudflared service install will run with any arguments. Even if I tweak the generated plist and supply proxy-dns argument the daemon still does not work. Presumably, it is more geared towards Argo at this point?

Obviously doing something wrong, so could use some official instructions on

Thanks :slight_smile:

@graeme, can you share what you added to /etc/host?

What happens if you run w/ the following:
sudo Cloudflared proxy-dns --port 5354

Hi @joaquin, I am not sure I explained well enough to start with. I can run DoH using sudo Cloudflared proxy-dns just fine interactively. However, if I want this to start on boot, it would need to be created as a service, i.e., Cloudflared service install. Is this supported? If so, how can I configure it please?

If I modify my /etc/resolv.conf such that the nameserver is, I figured sudo Cloudflared proxy-dns had no way to lookup I therefore added:

We added a page on that describes how to get things running with either Cloudflared or dnscrypt-proxy.


See if this helps?

and this is the portion I think will resolve it for you as well…

sudo Cloudflared service install
INFO[0000] Applied configuration from /usr/local/etc/Cloudflared/config.yaml
INFO[0000] Installing Cloudflare Tunnel as an user launch agent
INFO[0000] Outputs are logged in /tmp/com.Cloudflare.Cloudflared.out.log and /tmp/com.Cloudflare.Cloudflared.err.log

Thank you @joaquin and @cs-cf the updated Cloudflared and instructions have worked perfectly. My Mac is now using DoH :clap:t2:

Yeah, they worked for me as well!

What about after you reboot? My experience is that it does not relaunch on reboot, even with the latest version. See my thread above, that cscharff linked to.

Reboot, then “[email protected]” from terminal. Do you get A records, or does it just hang?

I have just tried and found the same behaviour. The logs say:

time="2018-04-06T14:54:19+01:00" level=info msg="Starting DNS over HTTPS proxy server" addr="dns://localhost:53"
time="2018-04-06T14:54:19+01:00" level=fatal msg="Cannot start the DNS over HTTPS proxy server" error="failed to create a UDP listener: listen udp bind: permission denied"

As documented, I installed using sudo Cloudflared service install.

@ddiller can you try uninstalling the current service, and upgrading Cloudflared to at least 2018.4.3?

The issue with the old version is that launch agents installed in users’ home do not run as root (despite the ownership). The new version installs the launchd service file in /Library, which fixes the permission issue.

@graeme The Cloudflared 2018.4.4 has and as default upstream endpoints, so you don’t have to use /etc/hosts anymore.

Hi @mvavrusa, thanks for the heads up about 2018.4.4. I have upgraded.

Any thoughts on:

time="2018-04-07T09:51:05+01:00" level=fatal msg="Cannot start the DNS over HTTPS proxy server" error="failed to create a UDP listener: listen udp bind: permission denied"

Service was installed using sudo and com.Cloudflare.Cloudflared.plist is in /Library/LaunchAgents. Am running macOS 10.13.4.

Try a

$ sudo mv /Library/LaunchAgents/com.Cloudflare.Cloudflared.plist /Library/LaunchDaemons/

and reboot.

Does it work for you now? (Mine does!)
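
The check behind the fix in the posts above, as an added example that is not part of the original thread or Cloudflare's own tooling: it reports which launchd directory holds the plist and whether the error log contains the bind failure quoted earlier. The function names, the ROOT prefix argument and the case-insensitive plist match are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: report which launchd domain holds the cloudflared job and
# whether its error log shows the port-53 bind failure quoted in the thread.

# Assumption: match the plist name case-insensitively.
PLIST_PATTERN='com.cloudflare.cloudflared.plist'

# plist_domain ROOT HOME_DIR -> daemon | system-agent | user-agent | missing
# ROOT is a path prefix ("" on a real Mac) so the check can run on a test tree.
plist_domain() {
    root=$1 home=$2
    for entry in \
        "daemon:$root/Library/LaunchDaemons" \
        "system-agent:$root/Library/LaunchAgents" \
        "user-agent:$home/Library/LaunchAgents"
    do
        name=${entry%%:*} dir=${entry#*:}
        [ -d "$dir" ] || continue
        if [ -n "$(find "$dir" -maxdepth 1 -iname "$PLIST_PATTERN" 2>/dev/null)" ]; then
            echo "$name"; return 0
        fi
    done
    echo missing
}

# has_bind_failure LOGFILE
# Succeeds if the log holds the fatal "bind: permission denied" listener error.
has_bind_failure() {
    [ -f "$1" ] && grep -q 'listen udp.*bind: permission denied' "$1"
}

# diagnose ROOT HOME_DIR LOGFILE -> one-line verdict
diagnose() {
    domain=$(plist_domain "$1" "$2")
    case $domain in
        daemon)  echo "ok: LaunchDaemons job, started by launchd as root at boot" ;;
        missing) echo "missing: no cloudflared plist installed" ;;
        *)  if has_bind_failure "$3"; then
                echo "broken: $domain job cannot bind port 53; move plist to /Library/LaunchDaemons"
            else
                echo "warn: $domain job runs in a user session, not as root at boot"
            fi ;;
    esac
}

# On a Mac, using the log path printed by the installer earlier in the thread:
#   diagnose "" "$HOME" /tmp/com.Cloudflare.Cloudflared.err.log
```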


Thanks for investigating this @ddiller! I’ll make the /Library/LaunchDaemons default in the next version.

That works a treat @ddiller, thanks.
